Analysis Overview
SHA256
69c80907e182557d42644abcb81bb8739f7ef8e5b658a1b03ba11c27cf13a37a
Threat Level: Known bad
The file Valorant 2024 HACK.zip was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 17:22
Signatures
Privateloader family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 17:21
Reported
2024-05-09 17:27
Platform
win7-20231129-es
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Valorant 2024 HACK.zip"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5b69758,0x7fef5b69768,0x7fef5b69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3340 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2528 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3012 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3044 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2696 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2612 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3816 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1276 --field-trial-handle=1372,i,11753453626474465973,11462618429169609537,131072 /prefetch:8
Network
Files
\??\pipe\crashpad_2720_QDHOOTZHJLFUKUTC
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
C:\Users\Admin\AppData\Local\Temp\CabB5CA.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
C:\Users\Admin\AppData\Local\Temp\TarDEB1.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\97843f66-653e-475a-9fc7-6d4f058b8304.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 17:21
Reported
2024-05-09 17:27
Platform
win10v2004-20240426-es
Max time kernel
148s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Valorant 2024 HACK.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network